Question

Hello. A website was developed and deployed to a client. In some cases, I need to set the flag HttpCookie.HttpOnly = true. Okay - I have done it. Next question:

  1. Is the cookie available in JavaScript after setting the flag?
  2. Or is there some restriction when I am using JavaScript?
  3. Or do I need to make some changes in the existing JavaScript?

Solution

The purpose of using HttpOnly is to prevent JavaScript from accessing the cookie, primarily to prevent XSS attacks. There are decent write-ups on CodingHorror and MSDN about it.

Bottom line: if you need access to the cookie with JavaScript, you cannot use HttpOnly.
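The behaviour described in the answer, as an added example that is not part of the original post: a simplified model of a browser cookie jar showing what script sees through `document.cookie` versus what is sent on the wire. The `CookieJar` class, its method names and the sample cookie values are constructed for illustration, and the model keys cookies by name only, ignoring Domain, Path, Secure, SameSite and expiry.

```javascript
// Simplified model of a browser cookie jar (constructed for illustration).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("malformed cookie string: " + header);
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: attrs.some((a) => a.toLowerCase() === "httponly"),
  };
}

class CookieJar {
  constructor() { this.cookies = new Map(); }
  // Set-Cookie from an HTTP response: the only place HttpOnly can be set.
  storeFromResponse(header) {
    const c = parseSetCookie(header);
    this.cookies.set(c.name, c);
  }
  // What script reads from document.cookie: HttpOnly entries are hidden.
  documentCookie() {
    return [...this.cookies.values()]
      .filter((c) => !c.httpOnly)
      .map((c) => `${c.name}=${c.value}`).join("; ");
  }
  // What happens on document.cookie = "...": script can neither create an
  // HttpOnly cookie nor overwrite an existing one (RFC 6265, section 5.3).
  setFromScript(str) {
    const c = parseSetCookie(str);
    const existing = this.cookies.get(c.name);
    if (c.httpOnly || (existing && existing.httpOnly)) return false;
    this.cookies.set(c.name, c);
    return true;
  }
  // Cookie header attached to the next request: HttpOnly cookies included.
  requestHeader() {
    return [...this.cookies.values()].map((c) => `${c.name}=${c.value}`).join("; ");
  }
}

// Constructed sample headers: one HttpOnly session cookie, one UI preference.
function demo() {
  const jar = new CookieJar();
  jar.storeFromResponse("ASP.NET_SessionId=abc123; path=/; HttpOnly");
  jar.storeFromResponse("theme=dark; path=/");
  const overwrote = jar.setFromScript("ASP.NET_SessionId=changed");
  return { script: jar.documentCookie(), wire: jar.requestHeader(), overwrote };
}
```

Existing JavaScript that only reads non-HttpOnly cookies keeps working unchanged; code that read the flagged cookie will now see it missing, while the server still receives it on every request.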

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow